Cathay Pacific flags data breach affecting up to 9.4m passengers

Cathay Pacific Airways on Wednesday (Oct 24) said that it has discovered unauthorised access to some of its information system containing the passenger data of up to 9.4 million people. A Cathay Pacific 747 passenger plane taxis upon landing at Hong Kong’s international airport. (AFP PHOTO/LAURENT FIEVET) The company said it initially discovered suspicious activity on its network in March 2018 and investigations in early May confirmed that certain personal data had been accessed. It has notified the Hong Kong police and relevant authorities. Personal data accessed included “passenger name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number, customer service remarks and historical travel information,” said the company. Cathay said 860,000 passport numbers and about 245,000 Hong Kong identity card numbers were accessed, along with 403 expired credit card numbers and 27 credit card numbers with no Card Verification Value (CVV). “The combination of data accessed varies for each affected passenger,” said the company. It added that it had “no evidence” any of the personal data had been misused. “Upon discovery, the company took immediate action to investigate and contain the event,” it said. “The company has no evidence that any personal information has been misused.” “The IT systems affected are totally separate from its flight operations systems, and there is no impact on flight safety.” The company is in the process of contacting affected passengers, said Cathay Pacific CEO Rupert Hogg. “We have no evidence that any personal data… [Read full story]